Topic Last Modified: 2010-10-01

Verifies the configuration of the Kerberos account assigned to a site.


Test-CsKerberosAccountAssignment -Identity <XdsIdentity> [-Report <String>]


Parameter Required Type Description




Name of the site where the Kerberos account was assigned. For example: -Identity "site:Redmond".




Enables you to specify a file path for the log file created when the cmdlet runs. For example: -Report "C:\Logs\TestKerberos.html".



Switch Parameter

Reports detailed activity to the screen as the cmdlet runs.

Detailed Description

In Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2, IIS ran under a standard user account. This had the potential to cause issues: if that password expired you could lose your Web Services, an issue that was often difficult to diagnose. To help avoid the issue of expiring passwords, Microsoft Lync Server 2010 enables you to create a computer account (for a computer that doesn’t actually exist) that can serve as the authentication principal for all the computers in a site that are running IIS. Because these accounts use the Kerberos authentication protocol, the accounts are referred to as Kerberos accounts, and the new authentication process is known as Kerberos web authentication. This enables you to manage all your IIS servers by using a single account.

The Test-CsKerberosAccountAssignment cmdlet provides a way for you to verify that a Kerberos account has been associated with a given site, that this account has been configured correctly, and that the account is working as expected.

Who can run this cmdlet: To return a list of all the role-based access control (RBAC) roles this cmdlet has been assigned to (including any custom RBAC roles you have created yourself), run the following command from the Windows PowerShell prompt:

Get-CsAdminRole | Where-Object {$_.Cmdlets –match "Test-CsKerberosAccountAssignment"}

Input Types

None. Test-CsKerberosAccountAssignment does not accept pipelined input.

Return Types

Test-CsKerberosAccountAssignment does not return any objects or values.


-------------------------- Example 1 ------------------------

Copy Code
Test-CsKerberosAccountAssignment -Identity site:Redmond

The command shown in Example 1 verifies that the Kerberos account assigned to the Redmond site is configured correctly and is working as expected.

See Also